Description
It was discovered that ImageMagick did not properly sanitize certain input
before using it to invoke processes. A remote attacker could create a specially
crafted image that, when processed by an application using ImageMagick or an
unsuspecting user using the ImageMagick utilities, would lead to arbitrary
execution of shell commands with the privileges of the user running the
application. (CVE-2016-5118)
* It was discovered that ImageMagick did not properly sanitize certain input
before passing it to the gnuplot delegate functionality. A remote attacker could
create a specially crafted image that, when processed by an application using
ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead
to arbitrary execution of shell commands with the privileges of the user running
the application. (CVE-2016-5239)
* Multiple flaws have been discovered in ImageMagick. A remote attacker could,
for example, create specially crafted images that, when processed by an
application using ImageMagick or an unsuspecting user using the ImageMagick
utilities, would result in a memory corruption and, potentially, execution of
arbitrary code, a denial of service, or an application crash. (CVE-2015-8896,
CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)